nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber crime 101: Cost of cyber crime, trends and analysis by Shashidhar C.N & Simran Gambhi

Published in: Technology

  1. 1. Cybercrime – A Tech View & Alternative Perspective. 26th February 2011. C N Shashidhar & Simran Gambhir. http://null.co.in/ http://nullcon.net/
  2. 2. Cybercrime 101 – A Technology view. 26th February 2011. C N Shashidhar, http://in.linkedin.com/in/cnshashidhara
  3. 3. Opening quotes:
     • "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb." (United Nations Interregional Crime & Justice Research Institute, UNICRI – Italy)
     • "Every new technology opens the door to new criminal approaches." (Phrack mag, Issue# 64, Article# 13, “Anonymous”)
  4. 4. Hackers – Hacker Profiling Project
     • Wannabe (Lamers) – "I wud luv to be a hacker" type
     • Script Kiddies – rely on scripts & programs written by others
     • Cracker – Technically skilled with malicious intentions
     • Ethical Hacker – Highly skilled with good intentions – law abiding
     • QPS (Quiet Paranoid Skilled hacker) – Operate alone – Whitehats / Blackhats
     • Cyber Warrior/Mercenary – Hacker for hire
     • Industrial Spy Hacker
     • Govt. Agent Hacker
     • Military Hacker – IW specialists
  5. 5. Underground Economy Biz Model - 1
  6. 6. Underground Economy Biz Model
  7. 7. Org Chart of Underground Economy Biz
  8. 8. Underground Economy Biz model - 2
  9. 9. Cyber Crime Biz model
     • C2C model – Criminal to Criminal
       • Cyber crime is the No. 1 criminal activity overtaking drugs in the US in 2009
       • Organized as Corporate Biz model – Highly sophisticated syndicates
       • Russian mafia using business partners & rewarding top performers
     • Crime as a Service
       • Crimeware
       • Carding
       • Spam
       • Phishing & Bank frauds – ATM skimming
       • Pharma scams
       • Pornography
       • Criminal ISPs
       • Counterfeiting
       • Virtual money
       • Money Laundering
  10. 10. Crime as a Service
     • Crimeware
       • Bots, Trojans, Key loggers & Viruses
       • Zeus Banking trojan/botnet – Customized & delivered as SAAS; full blown version – $700 USD
       • TJ Maxx & Heartland systems attacks – 1 Bln card details compromised – Albert Gonzalez
       • RBS Worldpay hack – $9.5 mln USD loss – 4 hackers – Viktor Pleshchuk of St Petersburg arrested in March 2010. Others involved – Sergie Tsurikov of Tallin, Estonia, Oleg Covelin of Chisinau, Moldova & Hacker 3
     • Identity theft
       • Complete Identities for sale – Address, SSN, Bank A/c, Credit Card info – Price $1 to $50 per identity, guaranteed Service Level Agreements
       • Application theft – Using fake identity to open accounts
       • Account takeover – Masquerade as real owner of account & ask for change in mailing address
     • Carding – Verifying validity of card data
     • Spam – Unsolicited mails
     • Phishing – Emails to user for reset of banking pin
     • Bank frauds – ATM skimming (video)
     • Pharma scams
     • Pornography
     • Counterfeiting
     • Virtual money / Digital Cash
       • eGold
       • Yandex
       • Webmoney
     • Money Laundering
  11. 11. Cyber Crime & Infrastructure
     • 2001 – 2005
       • Shadowcrew – Founded in 2002 by Seth Sanders (Kidd), Kim Taylor (MacGyver) & Albert Gonzalez (CumbaJohnny). 4000 members internationally. Carding site busted by US Secret Service in 2004
       • Cha0 – Cagatay Evyapan – Turkish – Biggest ATM Skimmer ever – Arrested Sept 2008
  12. 12. Cyber Crime & Infrastructure
     • 2001 – 2005
     • Dark Market – The Facebook for Fraudsters
     • Founded in 2004 by Renukanth Subramaniam (JiLsi), Marcus Keller (Matrix001) & Max Ray Butler (MaxVision & Iceman)
       • Carders Market
       • $86 mln business
       • Infiltrated by FBI agent Keith Mularski & shut down in 2008
       • JiLsi worked as a Pizza Hut despatch courier by day & used the Java Bean internet café at Wembley as his office for operating on DarkMarket forum. Carried the OS on a USB stick to avoid leaving trails
     • DarkMarket price list
     • Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:
     • Dumps: Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
     • Card verification values: Information needed for online transactions. $3-$10 depending on quality.
     • Full information/change of billing: Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.
     • Skimmer: Device to read card data. Up to $7,000.
     • Bank logins: 2% of available balance.
     • Credit card images: Both sides of card. $30 each.
     • Embossed card blanks: $50 each.
     • Holograms: $5 per 100.
     • Hire of botnet: Software robots used in spam attacks. $50 a day.
  13. 13. Cyber Crime & Infrastructure: Login page of Darkmarket.ws
  14. 14. Cyber Crime & Infrastructure: User who is interested in buying access to 3000-4000 infected machines a week.
  15. 15. Cyber Crime & Infrastructure: "Get more $$$ for your logs" - this user is advertising cashing services for various banks, used to steal money from online bank accounts. Credentials for these accounts have been stolen via keyloggers.
  16. 16. Cyber Crime & Infrastructure: Distributed-denial-of-service attacks for sale. "This is a great deal on DDOS attacks and cannot be beat by anyone!" 200 "dove" stickers for $1500. "Dove stickers" are VISA credit card holograms.
  17. 17. Cyber Crime & Infrastructure
     • Russian Business Network – Verisign – “Baddest of the Bad”
     • RBN – $2 bln (08) & $150 mln rev (06-07); Criminal ISP
       • Bullet proof hosting
       • Owned by Flyman – nephew of Russian politician
       • Located at #12, Levashovskiv prospect, 197110, St Petersburg, Russia
       • Tracked by Law Enforcement agencies
       • Recruit skilled hackers in Russia for creating malware & exploit 0 days
       • Mysteriously disappeared on 4th Nov 2007 – Believed to be operating under different names
     • Google maps image of RBN location
  18. 18. Cyber Crime & Infrastructure: RBN Group Companies (chart labels): Too Coin Software MicronNet Credolink Eltel SBT Luglink RBNConnectCom RBN Oinsinvest Eltel2 AkiMon Deltasys Linkey Nevacon Rustelecom Silvernet
  19. 19. Cyber Crime & Infrastructure: Russian Business Network
  20. 20. Cyber Crime & Infrastructure: Russian Business Network
  21. 21. Cyber Crime & Infrastructure
     • 2005 to Now
       • Innovative Marketing Inc
         • Founded by Daniel Sundin & Sam Jain in 2002 at Belize & later moved to Kiev, Ukraine
         • Pirated music, software, pornography & Viagra
         • Disbanded in 2008 but operating under different names
  22. 22. Cyber Crime & Infrastructure
     • 2011 ATM Fraud
     • http://www.nbcchicago.com/news/local-beat/atm-thefts-116435289.html
  23. 23. Cloud
     Cloud increasingly being used by cyber criminals

     By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes.

     Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate business, according to the Minister for Home Affairs and Justice, Brendan O’Connor.

     In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O’Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims.

     "Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds," he said. "Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies.
  24. 24. Cyber Crime Protection
     • Regulatory framework to combat Cyber Crime – UN & NATO leading the way now
     • Stricter laws to combat Cyber Crime – No safe havens
     • Long term responses – Coordination & Harmonization of efforts at National & International levels
     • User awareness & education – Public / Private partnership
     • Switch to banks offering secure services & tell them
     • Genuine Software
     • Patch regularly
     • Use effective Anti Virus
     • Use a personal firewall
     • Use common sense when transacting online / ATMs
  25. 25. Carding
  26. 26. Credits
     • http://www.freedomfromfearmagazine.org & Raoul Chiesa, UNICRI Italy
     • http://www.freedomfromfearmagazine.org/index.php?option=com_content&view=article&id=302:hackers-profiling-who-are-the-attackers&catid=50:issue-7&Itemid=161
     • http://www.fortiguard.com/analysis/zeusanalysis.html
     • http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1514783,00.html
     • http://www.bizeul.org/files/RBN_study.pdf
     • http://www.oswmag.com/article/cloud-increasingly-being-used-cyber-criminals&urlhash=A93h&goback=.gmp_1864210.gde_1864210_member_36651911
     • http://theeuropean-magazine.com/83-chiesa-raoul/84-cybercrime-and-cyberwar&urlhash=_uFM&goback=.gmp_2677290.gde_2677290_member_39400172
     • http://www.wired.com/threatlevel/tag/carding/
     • Fatal System Error by Joseph Menn
     • http://www.guardian.co.uk/technology/2010/jan/14/darkmarket-online-fraud-trial-wembley
     • http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested
     • http://www.youtube.com/watch?v=AY_SPP1loFs
     • http://www.youtube.com/watch?v=aUyiUAx4NxY
  27. 27. Cyber Crime: An Alternate Perspective. simran@dn.gs. Nullcon Goa – 26th of Feb 2011
  28. 28. The Definition: A crime is a breach of law for which the governing authority can prescribe a conviction and subsequent punishment
  29. 29. Some Facts: Cyber Crime is…
     • Often with faceless but real “victims”
     • Costs “real” money
     • BIG Business
  30. 30. A Perspective: Cyber Crime is “BAD”
  31. 31. Legality vs Morality
  32. 32. A Market Need
     • Hawala is illegal in many countries around the world
     • Hawala provides a means to an end for millions of people (people the “legal” systems do not know how to serve!)
  33. 33. Honesty and Transparency
  34. 34. A Revolution
  35. 35. Don’t Believe The Hype
  36. 36. Think outside the box. Ask Yourself “Why?”